Please do not publicly disclose security issues before they have been reviewed and fixed. This includes GitHub issues, GitHub Discussions, public Discord channels, public log uploads, and screenshots containing sensitive details.
Report suspected vulnerabilities directly to Producdevity in the EmuReady Discord.
- Send a direct message to Producdevity if possible.
- If you are not sure how to reach Producdevity, ping the @Mods role and ask to be put in contact. Do not include vulnerability details in the public ping.
- If logs are needed, review and redact them before sharing. GameHub Lite 5.1.8 and newer redact known Steam/auth token fields automatically, but logs from older builds, external tools, or unknown paths may still include tokens, account identifiers, cookies, QR login data, paths containing usernames, or other private information.
Useful report details include:
- affected GameHub Lite version and package variant;
- Android device and Android version;
- a short description of the issue and expected impact;
- reproduction steps;
- relevant logs or screenshots with sensitive data redacted.
Security issues will be reviewed privately first. Once a fix is available, a public release note may be published with enough detail for users to understand the impact and update safely, without exposing exploit instructions or private user data.